Search
Total
753 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5091 | 1 Status2k | 1 Status2k | 2020-02-11 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | |||||
| CVE-2010-4815 | 1 Coppermine-gallery | 1 Coppermine Gallery | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. | |||||
| CVE-2020-8125 | 1 Klona Project | 1 Klona | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. | |||||
| CVE-2013-2571 | 1 Hcomm | 1 Xpient Iris | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. | |||||
| CVE-2014-2914 | 1 Fishshell | 1 Fish | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | |||||
| CVE-2019-16029 | 1 Cisco | 1 Smart Software Manager On-prem | 2020-01-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. | |||||
| CVE-2012-5699 | 1 Babygekko | 1 Babygekko | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| BabyGekko before 1.2.4 allows PHP file inclusion. | |||||
| CVE-2015-2784 | 1 Papercrop Project | 1 Papercrop | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input. | |||||
| CVE-2019-19836 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename. | |||||
| CVE-2019-19495 | 1 Technicolor | 2 Tc7230 Steb, Tc7230 Steb Firmware | 2020-01-22 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | |||||
| CVE-2011-3203 | 1 Jcow | 1 Jcow Cms | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | |||||
| CVE-2020-5519 | 1 Litespeedtech | 1 Openlitespeed | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. | |||||
| CVE-2019-10672 | 1 Symonics | 1 Libmysofa | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. | |||||
| CVE-2019-20041 | 1 Wordpress | 1 Wordpress | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | |||||
| CVE-2019-11107 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2019-19398 | 1 Huawei | 2 M5 Lite 10, M5 Lite 10 Firmware | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution. | |||||
| CVE-2014-5289 | 1 Senkas Kolibri Project | 1 Senkas Kolibri | 2019-12-31 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | |||||
| CVE-2019-13932 | 1 Siemens | 1 Xhq | 2019-12-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2015-5254 | 3 Apache, Fedoraproject, Redhat | 3 Activemq, Fedora, Openshift | 2019-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | |||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2019-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | |||||
| CVE-2019-0604 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | |||||
| CVE-2019-19249 | 1 Querytreeapp | 1 Querytree | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations. | |||||
| CVE-2012-5582 | 1 Opendnssec | 1 Opendnssec | 2019-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| opendnssec misuses libcurl API | |||||
| CVE-2019-1581 | 1 Paloaltonetworks | 1 Pan-os | 2019-12-05 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. | |||||
| CVE-2013-7171 | 1 Slackware | 1 Slackware Linux | 2019-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. | |||||
| CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2019-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | |||||
| CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2019-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| cumin: At installation postgresql database user created without password | |||||
| CVE-2013-2093 | 1 Dolibarr | 1 Dolibarr | 2019-11-22 | 10.0 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2019-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | |||||
| CVE-2010-4660 | 1 Status | 1 Statusnet | 2019-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.. | |||||
| CVE-2019-0721 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-14 | 9.0 HIGH | 9.1 CRITICAL |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719. | |||||
| CVE-2019-0719 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-14 | 9.0 HIGH | 9.1 CRITICAL |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. | |||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
| CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | |||||
| CVE-2010-2476 | 1 Syscp Project | 1 Syscp | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | |||||
| CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | |||||
| CVE-2010-2446 | 1 Ruby-rbot | 1 Rbot | 2019-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Rbot Reaction plugin allows command execution | |||||
| CVE-2013-4103 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input | |||||
| CVE-2015-8980 | 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more | 4 Fedora, Leap, Php-gettext and 1 more | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | |||||
| CVE-2012-6125 | 1 Call-cc | 1 Chicken | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | |||||
| CVE-2013-2259 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview | |||||
| CVE-2012-0694 | 1 Sugarcrm | 1 Sugarcrm | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2010-3375 | 1 Qtparted Project | 1 Qtparted | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| qtparted has insecure library loading which may allow arbitrary code execution | |||||
| CVE-2002-2444 | 1 Snoopy Project | 1 Snoopy | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| Snoopy before 2.0.0 has a security hole in exec cURL | |||||
| CVE-2010-4239 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2019-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| Tiki Wiki CMS Groupware 5.2 has Local File Inclusion | |||||
| CVE-2019-16699 | 1 Sr Freecap Project | 1 Sr Freecap | 2019-10-21 | 7.5 HIGH | 9.8 CRITICAL |
| The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution. | |||||
| CVE-2016-6087 | 1 Ibm | 1 Domino | 2019-10-16 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. | |||||
| CVE-2018-10105 | 1 Tcpdump | 1 Tcpdump | 2019-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). | |||||
| CVE-2018-10103 | 1 Tcpdump | 1 Tcpdump | 2019-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). | |||||